On 04 Feb 2010 15:39:55 +0000, Chris Thompson <c...@cam.ac.uk> said: > On Feb 4 2010, Alexander Gall wrote: >> Of the 60 sources in my sample, >> 26 responded to version queries. All of them identified themselves as >> some version of BIND >> >> 5 "9.5.0-P2" >> 3 "9.4.2-P2.1" >> 3 "9.4.2-P2" >> 3 "9.4.2-P1" >> 3 "9.3.4-P1" >> 1 "9.5.1-P3" >> 1 "9.5.0b3" >> 1 "9.4.1-P1" >> 1 "9.4.1" >> 1 "9.3.5-P2" >> 1 "9.3.5-P1" >> 1 "9.3.4-P1.2" >> 1 "9.3.4-P1.1" >> 1 "9.3.4" >> >> All of those are NSEC3-agnostic. They should not do any DNSSEC >> processing for the ch zone, because they don't support algorithm #7.
> Most of the above versions will not have this fix > 2579. [bug] DNSSEC lookaside validation failed to handle unknown > algorithms. [RT #19479] > which could lead to all sorts of confusion if they are validating > via dlv.isc.org (say). Right, I forgot about that. > But the solitary 9.5.1-P3 is a counter-example (2579 was fixed in > 9.5.1-P2). Maybe its version number is faked ... It might still be worth checking what exactly causes this behaviour. -- Alex _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
